VYPR

Mailster

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-32523HigMay 17, 2024
    risk 0.57cvss 8.1epss 0.02

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6.

  • CVE-2025-64203HigDec 18, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster allows Reflected XSS.This issue affects Mailster: from n/a through < 4.1.14.

  • CVE-2024-30503HigMar 29, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6.

  • CVE-2024-11782Dec 3, 2024
    risk 0.00cvss epss 0.00

    The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…